Add senlin-api

Change-Id: Ia030cc819e6dd16f1a7528c5e3664b10560cc8fa

chart/test-values.yaml

@@ -30,6 +30,7 @@ configMap:
   magnum:
     mysql:
       size: 10Gi
+  senlin: {}
   chronyd: {}
   backup:
     secretName: aws-backup

config/samples/operator-config.yaml

@@ -18,6 +18,7 @@ data:
     placement: {}
     neutron: {}
     nova: {}
+    senlin: {}
     backup:
       secretName: aws-backup
       url: s3://backups/

devstack/lib/senlin

@@ -0,0 +1,117 @@
+#!/bin/bash
+#
+# Copyright 2020 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# init_senlin() - Initialize database
+function init_senlin {
+
+    kubectl create secret generic senlin-config -n openstack \
+    --from-file=/etc/senlin/senlin.conf \
+    --from-file=/etc/senlin/api-paste.ini
+    # (re)create senlin database
+    recreate_database senlin utf8
+
+    $SENLIN_BIN_DIR/senlin-manage db_sync
+    create_senlin_cache_dir
+}
+export -f init_senlin
+
+# configure_senlin() - Set config files, create data dirs, etc
+function configure_senlin {
+    if [[ ! -d $SENLIN_CONF_DIR ]]; then
+        sudo mkdir -p $SENLIN_CONF_DIR
+    fi
+
+    sudo chown $STACK_USER $SENLIN_CONF_DIR
+
+    sudo install -d -o $STACK_USER $SENLIN_CONF_DIR
+
+    SENLIN_API_PASTE_FILE=$SENLIN_CONF_DIR/api-paste.ini
+
+    cp $SENLIN_DIR/etc/senlin/api-paste.ini $SENLIN_API_PASTE_FILE
+
+    # common options
+    iniset $SENLIN_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
+    iniset $SENLIN_CONF DEFAULT auth_encryption_key $(generate_hex_string 16)
+    iniset $SENLIN_CONF DEFAULT default_region_name "$REGION_NAME"
+
+
+    if [ "$USE_SYSTEMD" != "False" ]; then
+        setup_systemd_logging $SENLIN_CONF
+    fi
+
+    if [ "$LOG_COLOR" == "True" ] && [ "$USE_SYSTEMD" == "False" ]; then
+        # Add color to logging output
+        setup_colorized_logging $SENLIN_CONF DEFAULT
+    fi
+
+    # rpc
+    iniset_rpc_backend senlin $SENLIN_CONF
+
+    # Database connection
+    iniset $SENLIN_CONF database connection `database_connection_url senlin`
+
+    # Keystone authtoken middleware
+    #configure_auth_token_middleware $SENLIN_CONF senlin $SENLIN_AUTH_CACHE_DIR
+    iniset $SENLIN_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
+    iniset $SENLIN_CONF keystone_authtoken auth_url $KEYSTONE_AUTH_URI
+    iniset $SENLIN_CONF keystone_authtoken username senlin
+    iniset $SENLIN_CONF keystone_authtoken password $SERVICE_PASSWORD
+    iniset $SENLIN_CONF keystone_authtoken project_name $SERVICE_TENANT_NAME
+    iniset $SENLIN_CONF keystone_authtoken project_domain_name Default
+    iniset $SENLIN_CONF keystone_authtoken user_domain_name Default
+    iniset $SENLIN_CONF keystone_authtoken auth_type password
+    iniset $SENLIN_CONF keystone_authtoken service_token_roles_required True
+    iniset $SENLIN_CONF keystone_authtoken interface public
+
+    # Senlin service credentials
+    iniset $SENLIN_CONF authentication auth_url $KEYSTONE_AUTH_URI/v3
+    iniset $SENLIN_CONF authentication service_username senlin
+    iniset $SENLIN_CONF authentication service_password $SERVICE_PASSWORD
+    iniset $SENLIN_CONF authentication service_project_name $SERVICE_TENANT_NAME
+
+    # Senlin Conductor options
+    iniset $SENLIN_CONF conductor workers $API_WORKERS
+
+    # Senlin Conductor options
+    iniset $SENLIN_CONF engine workers $API_WORKERS
+
+    # Senlin Health-Manager options
+    iniset $SENLIN_CONF health_manager workers $API_WORKERS
+
+    # Zaqar options for message receiver
+    iniset $SENLIN_CONF zaqar auth_type password
+    iniset $SENLIN_CONF zaqar username zaqar
+    iniset $SENLIN_CONF zaqar password $SERVICE_PASSWORD
+    iniset $SENLIN_CONF zaqar project_name $SERVICE_TENANT_NAME
+    iniset $SENLIN_CONF zaqar auth_url $KEYSTONE_AUTH_URI/v3
+    iniset $SENLIN_CONF zaqar user_domain_name Default
+    iniset $SENLIN_CONF zaqar project_domain_name Default
+
+    proxy_pass_to_kubernetes /cluster senlin senlin-api-wsgi
+}
+export -f configure_senlin
+
+
+# start_senlin() - Start running processes, including screen
+function start_senlin {
+    run_process sl-eng "$SENLIN_BIN_DIR/senlin-engine --config-file=$SENLIN_CONF"
+    run_process sl-conductor "$SENLIN_BIN_DIR/senlin-conductor --config-file=$SENLIN_CONF"
+    run_process sl-health-manager "$SENLIN_BIN_DIR/senlin-health-manager --config-file=$SENLIN_CONF"
+
+	kubernetes_rollout_restart daemonset/senlin-api
+	kubernetes_rollout_status daemonset/senlin-api
+}
+export -f start_senlin

images/senlin/Dockerfile

@@ -0,0 +1,23 @@
+# Copyright (c) 2020 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM vexxhost/python-builder as builder
+FROM vexxhost/python-base AS senlin-base
+
+FROM senlin-base AS senlin-api
+COPY senlin-wsgi-api /usr/local/bin/senlin-wsgi-api
+EXPOSE 8778
+ENV UWSGI_HTTP_SOCKET=:8778 UWSGI_WSGI_FILE=/usr/local/bin/senlin-wsgi-api
+CMD ["/usr/local/bin/uwsgi", "--ini", "/etc/uwsgi/uwsgi.ini"]

images/senlin/bindep.txt

@@ -0,0 +1,2 @@
+gcc [compile]
+libc-dev [compile]

images/senlin/constraints.txt

@@ -0,0 +1 @@
+--constraint https://releases.openstack.org/constraints/upper/ussuri

images/senlin/requirements.txt

@@ -0,0 +1,6 @@
+uWSGI
+PyKMIP
+PyMySQL
+python-memcached
+sentry-sdk
+git+https://opendev.org/openstack/senlin@stable/ussuri

images/senlin/senlin-wsgi-api

@@ -0,0 +1,34 @@
+#!/usr/local/bin/python
+# Copyright (c) 2020 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pkg_resources
+
+import sentry_sdk
+from sentry_sdk.integrations.sqlalchemy import SqlalchemyIntegration
+
+from senlin.cmd.api_wsgi import init_app
+from sentry_sdk.integrations import wsgi
+
+
+VERSION = pkg_resources.get_distribution("senlin").version
+
+sentry_sdk.init(
+    release="senlin@%s" % VERSION,
+    integrations=[SqlalchemyIntegration()]
+)
+
+application = init_app()
+application = wsgi.SentryWsgiMiddleware(application)

openstack_operator/operator.py

@@ -39,6 +39,7 @@ from openstack_operator import magnum
 from openstack_operator import nova
 from openstack_operator import neutron
 from openstack_operator import placement
+from openstack_operator import senlin
 from openstack_operator import utils
 
 
@@ -122,6 +123,9 @@ def deploy(name, namespace, new, **_):
     if "barbican" in config:
         spec = set_service_config(config, "barbican")
         barbican.create_or_resume("barbican", spec)
+    if "senlin" in config:
+        spec = set_service_config(config, "senlin")
+        senlin.create_or_resume("senlin", spec)
     if "ceilometer" in config:
         spec = config["ceilometer"]
         ceilometer.create_or_resume(spec)

openstack_operator/senlin.py

@@ -0,0 +1,50 @@
+# Copyright 2020 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""senlin Operator
+
+This module maintains the operator for senlin.
+"""
+
+from openstack_operator import utils
+
+MEMCACHED = True
+
+
+def create_or_resume(name, spec, **_):
+    """Create and re-sync a senlin instance
+
+    This function is called when a new resource is created but also when we
+    start the service up for the first time.
+    """
+
+    utils.create_or_update('senlin/api/daemonset.yml.j2',
+                           name=name, spec=spec)
+    utils.create_or_update('senlin/api/service.yml.j2',
+                           name=name, spec=spec)
+
+    if "ingress" in spec:
+        utils.create_or_update('senlin/api/ingress.yml.j2',
+                               name=name, spec=spec)
+
+
+def update(name, spec, **_):
+    """Update a senlin
+
+    This function updates the deployment for senlin if there are any
+    changes that happen within it.
+    """
+    if "ingress" in spec:
+        utils.create_or_update('senlin/api/ingress.yml.j2',
+                               name=name, spec=spec)

openstack_operator/templates/senlin/api/daemonset.yml.j2

@@ -0,0 +1,81 @@
+---
+# Copyright 2020 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: senlin
+  namespace: openstack
+  labels:
+    {{ labels("senlin") | indent(4) }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      {{ labels("senlin") | indent(6) }}
+  template:
+    metadata:
+      labels:
+        {{ labels("senlin") | indent(8) }}
+    spec:
+      automountServiceAccountToken: false
+      containers:
+      - name: senlin
+        image: vexxhost/senlin-api:latest
+        imagePullPolicy: Always
+        env:
+        {% if 'sentryDSN' in spec %}
+        - name: SENTRY_DSN
+          value: {{ spec.sentryDSN }}
+        {% endif %}
+        ports:
+        - name: senlin
+          protocol: TCP
+          containerPort: 8778
+        livenessProbe:
+          httpGet:
+            path: /
+            port: senlin
+        readinessProbe:
+          httpGet:
+            path: /
+            port: senlin
+        securityContext:
+          runAsUser: 1001
+        volumeMounts:
+        - name: config
+          mountPath: /etc/senlin
+        - name: uwsgi-config
+          mountPath: /etc/uwsgi
+      volumes:
+      - name: config
+        secret:
+          secretName: senlin-config
+      - name: uwsgi-config
+        configMap:
+          defaultMode: 420
+          name: uwsgi-default
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+{% if 'hostAliases' in spec %}
+      hostAliases:
+        {{ spec.hostAliases | to_yaml | indent(8) }}
+{% endif %}

openstack_operator/templates/senlin/api/ingress.yml.j2

@@ -0,0 +1,55 @@
+---
+# Copyright 2020 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: senlin
+  namespace: openstack
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
+spec:
+{% if spec.ingress.host is defined %}
+  rules:
+  - host: {{ spec.ingress.host }}
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: senlin
+          servicePort: 80
+  tls:
+  - hosts:
+    - {{ spec.ingress.host }}
+    secretName: senlin-tls
+{% else %}
+  rules:
+  {% for v in spec.ingress %}
+  - host: {{ v.host }}
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: senlin
+          servicePort: 80
+  {% endfor %}
+  tls:
+  - hosts:
+    {% for v in spec.ingress %}
+    - {{ v.host }}
+    {% endfor %}
+    secretName: senlin-tls
+{% endif %}

openstack_operator/templates/senlin/api/service.yml.j2

@@ -0,0 +1,28 @@
+---
+# Copyright 2020 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: senlin
+  namespace: openstack
+spec:
+  ports:
+  - name: senlin
+    port: 80
+    protocol: TCP
+    targetPort: senlin
+  selector:
+    {{ labels("senlin") | indent(4) }}

playbooks/functional/devstack.yaml

@@ -86,6 +86,15 @@
       become: true
       command: rsync -av src/opendev.org/vexxhost/openstack-operator/devstack/plugin-barbican.sh /opt/stack/barbican/devstack/plugin.sh
 
+    - name: Copy senlin repo into devstack working directory
+      git:
+        repo: https://github.com/openstack/senlin
+        dest: /opt/stack/senlin
+      become: true
+    - name: Override senlin lib functions
+      become: true
+      command: rsync -av src/opendev.org/vexxhost/openstack-operator/devstack/lib/senlin /opt/stack/senlin/devstack/lib/senlin
+
 # Changes that run through devstack-tempest are likely to have an impact on
 # the devstack part of the job, so we keep devstack in the main play to
 # avoid zuul retrying on legitimate failures.

zuul.d/functional-jobs.yaml

@@ -15,6 +15,8 @@
     - openstack/magnum
     - openstack/magnum-tempest-plugin
     - openstack/horizon
+    - openstack/senlin
+    - openstack/senlin-tempest-plugin
     - openstack/tempest-horizon
     nodeset:
       nodes:
@@ -44,16 +46,18 @@
         magnum: https://github.com/openstack/magnum
         devstack-plugin-ceph: https://github.com/openstack/devstack-plugin-ceph
         barbican: https://github.com/openstack/barbican
+        senlin: https://github.com/openstack/senlin
       devstack_source_dirs:
       - src/opendev.org/openstack
       - src/opendev.org/vexxhost
       tox_envlist: all
-      tempest_test_regex: (\[.*\bsmoke\b.*\]|(^heat_tempest_plugin.tests.api)|(^tempest_horizon.tests.scenario)|(^barbican_tempest_plugin.tests.api)|(^barbican_tempest_plugin.tests.scenario))
+      tempest_test_regex: (\[.*\bsmoke\b.*\]|(^heat_tempest_plugin.tests.api)|(^tempest_horizon.tests.scenario)|(^barbican_tempest_plugin.tests.api)|(^barbican_tempest_plugin.tests.scenario)|(^senlin_tempest_plugin.tests.api)|(^senlin_tempest_plugin.tests.functional))
       tempest_black_regex: (^tempest.scenario.test_network_basic_ops|barbican_tempest_plugin.tests.scenario.(test_certificate_validation|test_image_signing.ImageSigningTest.test_signed_image_upload_boot_failure|test_volume_encryption.VolumeEncryptionTest.test_encrypted_cinder_volumes_cryptsetup))
       tempest_plugins:
       - barbican-tempest-plugin
       - heat-tempest-plugin
       - magnum-tempest-plugin
+      - senlin-tempest-plugin
       - tempest-horizon
       devstack_localrc:
         NEUTRON_DEPLOY_MOD_WSGI: true
@@ -61,7 +65,7 @@
         Q_USE_ROOTWRAP: false
         SWIFT_BRANCH: stable/ussuri
         TEMPEST_PLUGINS: /opt/stack/barbican-tempest-plugin /opt/stack/heat-tempest-plugin
-          /opt/stack/magnum-tempest-plugin /opt/stack/tempest-horizon
+          /opt/stack/magnum-tempest-plugin /opt/stack/senlin-tempest-plugin /opt/stack/tempest-horizon
       docker_use_buildset_registry: true
       minikube_dns_resolvers: [1.1.1.1, 8.8.8.8]
       ensure_kubernetes_minikube_addons: [metrics-server]
@@ -83,6 +87,8 @@
             soft: true
           - name: openstack-operator:images:build:rabbitmq
             soft: true
+          - name: openstack-operator:images:build:senlin
+            soft: true
           - name: openstack-operator:images:build:ceilometer
             soft: true
           - name: openstack-operator:images:build:neutron
@@ -120,6 +126,8 @@
             soft: true
           - name: openstack-operator:images:upload:rabbitmq
             soft: true
+          - name: openstack-operator:images:upload:senlin
+            soft: true
           - name: openstack-operator:images:upload:ceilometer
             soft: true
           - name: openstack-operator:images:upload:neutron

zuul.d/senlin-jobs.yaml

@@ -0,0 +1,42 @@
+- job:
+    name: openstack-operator:images:build:senlin
+    parent: vexxhost-build-docker-image
+    provides: openstack-operator:image:senlin
+    nodeset: &id001
+      nodes:
+      - name: ubuntu-bionic
+        label: ubuntu-bionic-vexxhost
+    vars: &id002
+      docker_images:
+      - context: images/senlin
+        repository: vexxhost/senlin-api
+        target: senlin-api
+    dependencies:
+    - openstack-operator:images:build:openstack-operator
+    files: &id003
+    - ^images/senlin/.*
+- job:
+    name: openstack-operator:images:upload:senlin
+    parent: vexxhost-upload-docker-image
+    provides: openstack-operator:image:senlin
+    nodeset: *id001
+    vars: *id002
+    dependencies:
+    - openstack-operator:images:upload:openstack-operator
+    files: *id003
+- job:
+    name: openstack-operator:images:promote:senlin
+    parent: vexxhost-promote-docker-image
+    nodeset: *id001
+    vars: *id002
+    files: *id003
+- project:
+    check:
+      jobs:
+      - openstack-operator:images:build:senlin
+    gate:
+      jobs:
+      - openstack-operator:images:upload:senlin
+    promote:
+      jobs:
+      - openstack-operator:images:promote:senlin